How to deploy a HA pair in Citrix ADC

Table of Contents

Case #

You need to setup a high availability HA pair in Citrix ADC, either Citrix ADC VPX or Citrix ADC MPX. You should not confuse the active passive HA pair cluster with the Citrix ADC active active cluster, which allows three or more nodes. The HA pair allows only two nodes in active passive configuration.

Solution #

The high level process for Citrix ADC H/A pair deployment is shown below with numbered steps in the appropriate sequence. For a more generic procedural approach on how to deploy a Citrix Netscaler appliance, refer to the following KB article: https://stefanos.cloud/kb/how-to-deploy-a-citrix-netscaler-appliance/.

First-off, ensure that you have configured the basic network topology of the Citrix ADC appliances as per Citrix best practices and depending on the network topology and requirements of your environment. Also ensure that you have applied all required firewall port rules, as described in the following Citrix KB article: https://support.citrix.com/article/CTX101810.

Also pay special attention to the Hypervisor platform on which the Citrix ADC VPX appliance is hosted. Special considerations must be made for the networking configuration, depending on the requirements and best practices of the Hypervisor platform.

Now you are ready to run the following commands to set up a HA pair in Citrix ADC VPX. Run the commands below in a Citrix ADC VPX CLI session (SSH):

Primary appliance

set ha node -hastatus STAYPRIMARY

Secondary

set ha node -hastatus STAYSECONDARY

Primary and secondary to disable any network interface that is not connected to the network

disable interface <interface_num>

Primary (specify the details of the secondary appliance)

add HA node <id> <ipAddress>

Secondary (specify the details of the primary appliance)

add HA node <id> <ipAddress>

Both primary and secondary (same rpc password)

set ns rpcnode <ipAddressofprimary> -password <string>
set ns rpcnode <ipAddressofsecondary> -password <string>
show ns rpcnode
show ha node

The two above show commands should not show any "Unknown" or "Error" keywords. Also the HA node IDs must be the same in the output of the command on each node, i.e. node 0 and node 1, otherwise you will need to manually change the node ID on each HA node.

Primary (test manual sync)

sync ha files all

Primary (enable HA). In case you added a new appliance to an already existing appliance to form an HA pair, then go to the new appliance and remove the duplicate default route (0.0.0.0/0). Pairing adds the default route defined on the already existing appliance, but does not remove the default route configured on the new appliance.

set ha node -hastatus ENABLED

Primary (test failover)

force HA failover

In case you are facing issues with HA pair operations, consult the following Citrix article and take full system and network packet capture of the appliances while the issues are being reproduced: https://docs.citrix.com/en-us/citrix-adc/13/system/high-availability-introduction/troubleshooting-high-availability.html

Sources #

https://support.citrix.com/article/CTX116748

https://docs.citrix.com/en-us/citrix-adc/13/system/high-availability-introduction/troubleshooting-high-availability.html

https://stefanos.cloud/kb/how-to-deploy-a-citrix-netscaler-appliance/

Citrix
What are your Feelings

Powered by BetterDocs